You're looking at it from the BackEnd (Developer) point of view, try and see it from a end user perspective.
Setting WF means, I want that person to make pages and update the website, but I don't trust them enough to allow them to do anything directly on the public website.
Everything that changes the public website, needs to be approved first. As you said it yourself "the purpose of it is not letting the Authors create and publish pages without approval"
. Removing a page should fall under the same category. And it does, cause like you said it "Author has full control over his own pages (except for publishing and deleting)"
You see 'deleting' as physically removing the page from the db. I as an end user see a '404' as a delete page. Just because the page still exists in the backend does not mean a person who's not trusted to publish or delete a page should be allowed to remove a page from its current location.
It isn't a matter of 'sense'. When user accounts are linked to individual persons, the risk is limited because you couldn't move a page Petya created. But suppose you all the sales staff share the 'sales' login, a not so uncommon scenario with small/standard implementations, then all of a sudden the risk and damage will be far greater.
Suppose 'sales' login is shared across the team, meaning you have authorization to create and edit pages who need to be approved by someone. Now go and change the url from http://www.sitefinity.com/devnet/forums.aspx
and wait till all hell breaks loose :)
That's a security flaw, not a bad implementation or design choice because the end customer decided to create group BackEnd accounts instead of individual personal BackEnd accounts.
Secondly the ability to edit properties without workflow approval means I can move the homepage if I want to, even to a page that's still waiting approval. Even if the homepage is set to a page not created by me or someone in my role.
(Create a page>add some content>save for approval. Now in page overview click Actions>Set as Homepage. Now browse live site).
The only way to avoid people to do that, is make it so that they don't have permissions to edit properties. But if they don't have permission to change properties (set modify page properties to administrator alone and thus removing owner/etc...) they can't create any page, because when creating a page you start with editing it's properties which you don't have permission to do so....
I know I'm not the best at describing the issue in words, but if this doesn't explain it, I'll make a video :)